This certification, also known as ISO 27001:2013, is part of the ISO 27000 family of standards, which helps organisations keep information assets secure. The certification was achieved on the heels of the bank’s drive to revolutionise the banking sector’s digital experience with Octopus, by putting in place a systematic approach to managing sensitive organisational information, ensuring it remains seamless, secure and available.

With the introduction of Octopus, the ISO 27001:2013 Information Security Management Certification is proof of the Bank’s demonstrated ability to consistently provide products and services that give service consumers and customers an easily recognisable security hallmark.

Speaking on the award received, the MD/CEO of Heritage Bank Plc, Ifie Sekibo, reiterated the bank’s commitment to secured services, whilst assuring customers that their information is appropriately protected, which in turn reduces the need to undertake time-consuming and costly onsite security audits, reducing time and cost for both parties.

According to him, the certification demonstrates credibility and trust, which reduces customer and supply chain audits. ISO 27001 certification, he said, reduces third-party scrutiny of your Information Security Management by customers and the wider supply chain.

“The achievement of ISO 27001 will differentiate two competing organisations in the marketplace, providing a valuable competitive advantage. Increased legislative and regulatory compliance: ISO 27001 supports compliance with relevant laws such as the Data Protection Act 1998 and software copyright legislation. This in turn reduces the risk of facing prosecution and fines. An organisation’s liability in security incidents may be reduced if it is certified ISO 27001 compliant.”

He further explained that it reduces customer and supply chain audits, stating that ISO 27001 certification reduces third-party scrutiny of your Information Security Management by customers and the wider supply chain.

As ISO 27001 is the current international benchmark for Information Security Management, it is increasingly recognised that compliance with the standard is supporting evidence of adequate security.

Considerations and outcomes

To achieve ISO 27001 certification, an organisation must produce documentation that demonstrates that it has developed an Information Security Management System that complies with the standard. Organisations should consider producing most of this documentation even if they are not going for certification, as it provides a best practice approach for compliance as well.

There are three key issues to note about the standard. First, its generic requirements mean that it is applicable to all organisations, regardless of size, type or nature; however, you tailor it to the exact needs of your organisation through the information security controls that you select to implement within your Information Security Management System. Second, it takes a flexible, risk-driven approach. Third, it is dynamic: it focuses on continual improvement and helps the organisation keep ahead of changes both within and outside the organisation.